git: 865f46b25559 - main - unbound: Reapply Vendor import 1.17.0
Date: Sun, 16 Oct 2022 21:09:14 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=865f46b255599c4a645e84a4cbb5ea7abdc0e207
commit 865f46b255599c4a645e84a4cbb5ea7abdc0e207
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-10-16 21:04:22 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-10-16 21:08:33 +0000
unbound: Reapply Vendor import 1.17.0
Reapply 643f9a0581e8aac7eb790ced1164748939829826. 64d318ea98b7 was a
mismerge during fake rebase. Let's reapply it.
Changes include: Added ACL per interface, proxy protocol and bug fixes.
Announcement: https://nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/
Merge commit '643f9a0581e8aac7eb790ced1164748939829826' into main
---
contrib/unbound/Makefile.in | 8 +-
contrib/unbound/acx_nlnetlabs.m4 | 6 +-
contrib/unbound/compat/arc4random.c | 8 +-
contrib/unbound/config.guess | 8 +-
contrib/unbound/config.h.in | 15 +
contrib/unbound/config.sub | 27 +-
contrib/unbound/configure | 100 ++-
contrib/unbound/configure.ac | 13 +-
contrib/unbound/daemon/acl_list.c | 447 +++++++++--
contrib/unbound/daemon/acl_list.h | 39 +-
contrib/unbound/daemon/daemon.c | 61 +-
contrib/unbound/daemon/daemon.h | 2 +
contrib/unbound/daemon/remote.c | 6 +-
contrib/unbound/daemon/stats.c | 27 +-
contrib/unbound/daemon/worker.c | 152 ++--
contrib/unbound/daemon/worker.h | 4 +
contrib/unbound/dnstap/dtstream.c | 4 +-
contrib/unbound/dnstap/unbound-dnstap-socket.c | 4 +-
contrib/unbound/doc/Changelog | 107 +++
contrib/unbound/doc/README | 2 +-
contrib/unbound/doc/example.conf.in | 68 +-
contrib/unbound/doc/libunbound.3.in | 4 +-
contrib/unbound/doc/unbound-anchor.8.in | 2 +-
contrib/unbound/doc/unbound-checkconf.8.in | 2 +-
contrib/unbound/doc/unbound-control.8.in | 2 +-
contrib/unbound/doc/unbound-host.1.in | 2 +-
contrib/unbound/doc/unbound.8.in | 4 +-
contrib/unbound/doc/unbound.conf.5.in | 63 +-
contrib/unbound/edns-subnet/addrtree.c | 9 +-
contrib/unbound/edns-subnet/addrtree.h | 7 +-
contrib/unbound/edns-subnet/subnetmod.c | 43 +-
contrib/unbound/iterator/iter_hints.c | 2 +-
contrib/unbound/iterator/iter_resptype.c | 6 +-
contrib/unbound/iterator/iterator.c | 105 ++-
contrib/unbound/iterator/iterator.h | 2 +-
contrib/unbound/libunbound/libunbound.c | 4 +-
contrib/unbound/respip/respip.c | 10 +-
contrib/unbound/respip/respip.h | 6 +-
contrib/unbound/services/authzone.c | 6 +-
contrib/unbound/services/cache/infra.c | 37 +-
contrib/unbound/services/cache/infra.h | 7 +-
contrib/unbound/services/listen_dnsport.c | 134 ++--
contrib/unbound/services/listen_dnsport.h | 14 +-
contrib/unbound/services/localzone.c | 12 +-
contrib/unbound/services/mesh.c | 13 +-
contrib/unbound/services/outside_network.c | 162 ++--
contrib/unbound/services/outside_network.h | 24 +
contrib/unbound/services/rpz.c | 28 +-
contrib/unbound/services/view.c | 5 +-
contrib/unbound/smallapp/unbound-checkconf.c | 18 +-
contrib/unbound/smallapp/unbound-control.c | 4 +-
contrib/unbound/testdata/iter_ghost_sub.rpl | 309 --------
contrib/unbound/testdata/iter_ghost_timewindow.rpl | 391 ----------
contrib/unbound/util/config_file.c | 54 +-
contrib/unbound/util/config_file.h | 20 +
contrib/unbound/util/configlexer.lex | 6 +
contrib/unbound/util/configparser.y | 129 +++-
contrib/unbound/util/fptr_wlist.c | 1 +
contrib/unbound/util/net_help.c | 6 +-
contrib/unbound/util/net_help.h | 8 +-
contrib/unbound/util/netevent.c | 836 ++++++++++++++++-----
contrib/unbound/util/netevent.h | 42 +-
contrib/unbound/util/proxy_protocol.c | 139 ++++
contrib/unbound/util/proxy_protocol.h | 131 ++++
contrib/unbound/util/storage/dnstree.c | 13 +
contrib/unbound/util/storage/dnstree.h | 10 +
contrib/unbound/util/tube.c | 42 ++
contrib/unbound/util/tube.h | 8 +
lib/libunbound/Makefile | 3 +-
usr.sbin/unbound/config.h | 6 +-
70 files changed, 2668 insertions(+), 1331 deletions(-)
diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in
index 3189731ad52f..e7c76c2588aa 100644
--- a/contrib/unbound/Makefile.in
+++ b/contrib/unbound/Makefile.in
@@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
-util/timehist.c util/tube.c \
+util/timehist.c util/tube.c util/proxy_protocol.c \
util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
validator/autotrust.c validator/val_anchor.c validator/validator.c \
validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
@@ -148,7 +148,7 @@ outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
-autotrust.lo val_anchor.lo rpz.lo \
+autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
@@ -984,6 +984,8 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \
$(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \
$(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h
+proxy_protocol.lo proxy_protocol.o: $(srcdir)/util/proxy_protocol.c config.h \
+ $(srcdir)/util/proxy_protocol.h $(srcdir)/sldns/sbuffer.h
net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
@@ -1512,7 +1514,7 @@ asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libu
$(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/proxy_protocol.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \
$(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4
index 1574f97bfe02..cf436ec54bb6 100644
--- a/contrib/unbound/acx_nlnetlabs.m4
+++ b/contrib/unbound/acx_nlnetlabs.m4
@@ -2,7 +2,8 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
-# Version 43
+# Version 44
+# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD.
# 2021-08-17 fix sed script in ssldir split handling.
# 2021-08-17 fix for openssl to detect split version, with ssldir_include
# and ssldir_lib output directories.
@@ -963,6 +964,9 @@ AC_LANG_SOURCE([[
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
diff --git a/contrib/unbound/compat/arc4random.c b/contrib/unbound/compat/arc4random.c
index b536d3143d42..486ab89c68d8 100644
--- a/contrib/unbound/compat/arc4random.c
+++ b/contrib/unbound/compat/arc4random.c
@@ -57,6 +57,8 @@
#define BLOCKSZ 64
#define RSBUFSZ (16*BLOCKSZ)
+#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */
+
/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
static struct {
size_t rs_have; /* valid bytes at end of rs_buf */
@@ -179,6 +181,7 @@ static void
_rs_stir(void)
{
u_char rnd[KEYSZ + IVSZ];
+ uint32_t rekey_fuzz = 0;
if (getentropy(rnd, sizeof rnd) == -1) {
if(errno != ENOSYS ||
@@ -201,7 +204,10 @@ _rs_stir(void)
rs->rs_have = 0;
memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
- rs->rs_count = 1600000;
+ /* rekey interval should not be predictable */
+ chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz,
+ (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz));
+ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE);
}
static inline void
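Review bot: The `rekey_fuzz % REKEY_BASE` reduction in `_rs_stir` is unbiased only while `REKEY_BASE` is a power of two, and the only guard for that is the `NB.` comment on the define added in the first hunk of this file. A compile-time check next to the define would stop a later edit of the constant from quietly skewing the rekey interval, for example `_Static_assert((REKEY_BASE & (REKEY_BASE - 1)) == 0, "REKEY_BASE must be a power of 2");` if this compat file may assume C11. The comment at the use site could also state the resulting range, e.g. `/* rs_count ends up in [REKEY_BASE, 2*REKEY_BASE), fuzz taken from the ChaCha keystream */`. `_rs_stir` starts in the previous hunk, so the keying that precedes these lines is not fully visible here.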
diff --git a/contrib/unbound/config.guess b/contrib/unbound/config.guess
index a419d8643b62..980b02083815 100755
--- a/contrib/unbound/config.guess
+++ b/contrib/unbound/config.guess
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2022-08-01'
+timestamp='2022-09-17'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -966,6 +966,12 @@ EOF
GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
;;
+ x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*)
+ GUESS="$UNAME_MACHINE-pc-managarm-mlibc"
+ ;;
+ *:[Mm]anagarm:*:*)
+ GUESS="$UNAME_MACHINE-unknown-managarm-mlibc"
+ ;;
*:Minix:*:*)
GUESS=$UNAME_MACHINE-unknown-minix
;;
diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in
index cc1fbe864818..2caecf30d040 100644
--- a/contrib/unbound/config.h.in
+++ b/contrib/unbound/config.h.in
@@ -298,6 +298,9 @@
/* Define to 1 if you have the `getrlimit' function. */
#undef HAVE_GETRLIMIT
+/* Define to 1 if you have the `gettid' function. */
+#undef HAVE_GETTID
+
/* Define to 1 if you have the `glob' function. */
#undef HAVE_GLOB
@@ -457,6 +460,12 @@
/* Define to 1 if you have the `OSSL_PARAM_BLD_new' function. */
#undef HAVE_OSSL_PARAM_BLD_NEW
+/* Define to 1 if you have the `poll' function. */
+#undef HAVE_POLL
+
+/* Define to 1 if you have the <poll.h> header file. */
+#undef HAVE_POLL_H
+
/* Define if you have POSIX threads libraries and header files. */
#undef HAVE_PTHREAD
@@ -800,12 +809,18 @@
/* Shared data */
#undef SHARE_DIR
+/* The size of `pthread_t', as computed by sizeof. */
+#undef SIZEOF_PTHREAD_T
+
/* The size of `size_t', as computed by sizeof. */
#undef SIZEOF_SIZE_T
/* The size of `time_t', as computed by sizeof. */
#undef SIZEOF_TIME_T
+/* The size of `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
/* define if (v)snprintf does not return length needed, (but length used) */
#undef SNPRINTF_RET_BROKEN
diff --git a/contrib/unbound/config.sub b/contrib/unbound/config.sub
index fbaa37f2352d..baf1512b3c03 100755
--- a/contrib/unbound/config.sub
+++ b/contrib/unbound/config.sub
@@ -4,7 +4,7 @@
# shellcheck disable=SC2006,SC2268 # see below for rationale
-timestamp='2022-08-01'
+timestamp='2022-09-17'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -145,7 +145,7 @@ case $1 in
nto-qnx* | linux-* | uclinux-uclibc* \
| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
- | storm-chaos* | os2-emx* | rtmk-nova*)
+ | storm-chaos* | os2-emx* | rtmk-nova* | managarm-*)
basic_machine=$field1
basic_os=$maybe_os
;;
@@ -1341,6 +1341,10 @@ EOF
kernel=linux
os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
;;
+ managarm*)
+ kernel=managarm
+ os=`echo "$basic_os" | sed -e 's|managarm|mlibc|'`
+ ;;
*)
kernel=
os=$basic_os
@@ -1754,7 +1758,7 @@ case $os in
| onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
| midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
| nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
- | fiwix* )
+ | fiwix* | mlibc* )
;;
# This one is extra strict with allowed versions
sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
@@ -1762,6 +1766,9 @@ case $os in
;;
none)
;;
+ kernel* )
+ # Restricted further below
+ ;;
*)
echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
exit 1
@@ -1772,16 +1779,26 @@ esac
# (given a valid OS), if there is a kernel.
case $kernel-$os in
linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
- | linux-musl* | linux-relibc* | linux-uclibc* )
+ | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc* )
;;
uclinux-uclibc* )
;;
- -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
+ managarm-mlibc* | managarm-kernel* )
+ ;;
+ -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* )
# These are just libc implementations, not actual OSes, and thus
# require a kernel.
echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
exit 1
;;
+ -kernel* )
+ echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2
+ exit 1
+ ;;
+ *-kernel* )
+ echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2
+ exit 1
+ ;;
kfreebsd*-gnu* | kopensolaris*-gnu*)
;;
vxworks-simlinux | vxworks-simwindows | vxworks-spe)
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index f40187910ecc..a2837d18553b 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.16.3.
+# Generated by GNU Autoconf 2.69 for unbound 1.17.0.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.16.3'
-PACKAGE_STRING='unbound 1.16.3'
+PACKAGE_VERSION='1.17.0'
+PACKAGE_STRING='unbound 1.17.0'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@@ -1477,7 +1477,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.16.3 to adapt to many kinds of systems.
+\`configure' configures unbound 1.17.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1543,7 +1543,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.16.3:";;
+ short | recursive ) echo "Configuration of unbound 1.17.0:";;
esac
cat <<\_ACEOF
@@ -1785,7 +1785,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.16.3
+unbound configure 1.17.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2494,7 +2494,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.16.3, which was
+It was created by unbound $as_me 1.17.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2844,13 +2844,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
UNBOUND_VERSION_MAJOR=1
-UNBOUND_VERSION_MINOR=16
+UNBOUND_VERSION_MINOR=17
-UNBOUND_VERSION_MICRO=3
+UNBOUND_VERSION_MICRO=0
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=19
+LIBUNBOUND_REVISION=20
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2937,6 +2937,7 @@ LIBUNBOUND_AGE=1
# 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
+# 1.17.0 had 9:20:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -14772,7 +14773,7 @@ fi
fi
# Checks for header files.
-for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h
+for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h poll.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
@@ -16031,6 +16032,9 @@ else
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
@@ -17101,6 +17105,72 @@ _ACEOF
fi
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of pthread_t" >&5
+$as_echo_n "checking size of pthread_t... " >&6; }
+if ${ac_cv_sizeof_pthread_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (pthread_t))" "ac_cv_sizeof_pthread_t" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_pthread_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (pthread_t)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_pthread_t=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_pthread_t" >&5
+$as_echo "$ac_cv_sizeof_pthread_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_PTHREAD_T $ac_cv_sizeof_pthread_t
+_ACEOF
+
+
if echo "$CFLAGS" | $GREP -e "-pthread" >/dev/null; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -pthread unused during linking" >&5
@@ -20591,7 +20661,7 @@ if test "$ac_res" != no; then :
fi
-for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex
+for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex poll gettid
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -22015,7 +22085,7 @@ _ACEOF
-version=1.16.3
+version=1.17.0
date=`date +'%b %e, %Y'`
@@ -22534,7 +22604,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.16.3, which was
+This file was extended by unbound $as_me 1.17.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22600,7 +22670,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.16.3
+unbound config.status 1.17.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index bf8aa9d8cdb0..57cc7e604b1e 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
-m4_define([VERSION_MINOR],[16])
-m4_define([VERSION_MICRO],[3])
+m4_define([VERSION_MINOR],[17])
+m4_define([VERSION_MICRO],[0])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=19
+LIBUNBOUND_REVISION=20
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -105,6 +105,7 @@ LIBUNBOUND_AGE=1
# 1.16.1 had 9:17:1
# 1.16.2 had 9:18:1
# 1.16.3 had 9:19:1
+# 1.17.0 had 9:20:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -397,7 +398,7 @@ PKG_PROG_PKG_CONFIG
fi
# Checks for header files.
-AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h poll.h],,, [AC_INCLUDES_DEFAULT])
# net/if.h portability for Darwin see:
# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html
AC_CHECK_HEADERS([net/if.h],,, [
@@ -607,6 +608,8 @@ if test x_$withval != x_no; then
CC="$PTHREAD_CC"
ub_have_pthreads=yes
AC_CHECK_TYPES([pthread_spinlock_t, pthread_rwlock_t],,,[#include <pthread.h>])
+ AC_CHECK_SIZEOF([unsigned long])
+ AC_CHECK_SIZEOF(pthread_t)
if echo "$CFLAGS" | $GREP -e "-pthread" >/dev/null; then
AC_MSG_CHECKING([if -pthread unused during linking])
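Review bot: `AC_CHECK_SIZEOF(pthread_t)` runs with the default includes only, unlike the `AC_CHECK_TYPES` line just above it, which passes `[#include <pthread.h>]`. Where the default headers do not declare `pthread_t`, the generated check in `configure` falls through to `ac_cv_sizeof_pthread_t=0`, so `SIZEOF_PTHREAD_T` is defined as 0 without any configure error. I would write `AC_CHECK_SIZEOF([pthread_t], [], [#include <pthread.h>])`, which also matches the quoting used for `[unsigned long]`. How `SIZEOF_PTHREAD_T` is consumed is not visible in this part of the diff, so the effect of a 0 value should be checked against its users.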
@@ -1644,7 +1647,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([
AC_MSG_RESULT(no))
AC_SEARCH_LIBS([setusercontext], [util])
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs if_nametoindex poll gettid])
AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
diff --git a/contrib/unbound/daemon/acl_list.c b/contrib/unbound/daemon/acl_list.c
index aecb3e0c6437..f3961dbbb7ad 100644
--- a/contrib/unbound/daemon/acl_list.c
+++ b/contrib/unbound/daemon/acl_list.c
@@ -46,9 +46,10 @@
#include "util/config_file.h"
#include "util/net_help.h"
#include "services/localzone.h"
+#include "services/listen_dnsport.h"
#include "sldns/str2wire.h"
-struct acl_list*
+struct acl_list*
acl_list_create(void)
{
struct acl_list* acl = (struct acl_list*)calloc(1,
@@ -63,10 +64,10 @@ acl_list_create(void)
return acl;
}
-void
+void
acl_list_delete(struct acl_list* acl)
{
- if(!acl)
+ if(!acl)
return;
regional_destroy(acl->region);
free(acl);
@@ -74,8 +75,8 @@ acl_list_delete(struct acl_list* acl)
/** insert new address into acl_list structure */
static struct acl_addr*
-acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr,
- socklen_t addrlen, int net, enum acl_access control,
+acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr,
+ socklen_t addrlen, int net, enum acl_access control,
int complain_duplicates)
{
struct acl_addr* node = regional_alloc_zero(acl->region,
@@ -90,6 +91,31 @@ acl_list_insert(struct acl_list* acl, struct sockaddr_storage* addr,
return node;
}
+/** parse str to acl_access enum */
+static int
+parse_acl_access(const char* str, enum acl_access* control)
+{
+ if(strcmp(str, "allow") == 0)
+ *control = acl_allow;
+ else if(strcmp(str, "deny") == 0)
+ *control = acl_deny;
+ else if(strcmp(str, "refuse") == 0)
+ *control = acl_refuse;
+ else if(strcmp(str, "deny_non_local") == 0)
+ *control = acl_deny_non_local;
+ else if(strcmp(str, "refuse_non_local") == 0)
+ *control = acl_refuse_non_local;
+ else if(strcmp(str, "allow_snoop") == 0)
+ *control = acl_allow_snoop;
+ else if(strcmp(str, "allow_setrd") == 0)
+ *control = acl_allow_setrd;
+ else {
+ log_err("access control type %s unknown", str);
+ return 0;
+ }
+ return 1;
+}
+
/** apply acl_list string */
static int
acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
@@ -99,29 +125,14 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
int net;
socklen_t addrlen;
enum acl_access control;
- if(strcmp(s2, "allow") == 0)
- control = acl_allow;
- else if(strcmp(s2, "deny") == 0)
- control = acl_deny;
- else if(strcmp(s2, "refuse") == 0)
- control = acl_refuse;
- else if(strcmp(s2, "deny_non_local") == 0)
- control = acl_deny_non_local;
- else if(strcmp(s2, "refuse_non_local") == 0)
- control = acl_refuse_non_local;
- else if(strcmp(s2, "allow_snoop") == 0)
- control = acl_allow_snoop;
- else if(strcmp(s2, "allow_setrd") == 0)
- control = acl_allow_setrd;
- else {
- log_err("access control type %s unknown", str);
+ if(!parse_acl_access(s2, &control)) {
return 0;
}
if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) {
log_err("cannot parse access control: %s %s", str, s2);
return 0;
}
- if(!acl_list_insert(acl, &addr, addrlen, net, control,
+ if(!acl_list_insert(acl, &addr, addrlen, net, control,
complain_duplicates)) {
log_err("out of memory");
return 0;
@@ -131,19 +142,27 @@ acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2,
/** find or create node (NULL on parse or error) */
static struct acl_addr*
-acl_find_or_create(struct acl_list* acl, const char* str)
+acl_find_or_create_str2addr(struct acl_list* acl, const char* str,
+ int is_interface, int port)
{
struct acl_addr* node;
struct sockaddr_storage addr;
- int net;
socklen_t addrlen;
- if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) {
- log_err("cannot parse netblock: %s", str);
- return NULL;
+ int net = (str_is_ip6(str)?128:32);
+ if(is_interface) {
+ if(!extstrtoaddr(str, &addr, &addrlen, port)) {
+ log_err("cannot parse interface: %s", str);
+ return NULL;
+ }
+ } else {
+ if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) {
+ log_err("cannot parse netblock: %s", str);
+ return NULL;
+ }
}
/* find or create node */
if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, &addr,
- addrlen, net))) {
+ addrlen, net)) && !is_interface) {
/* create node, type 'allow' since otherwise tags are
* pointless, can override with specific access-control: cfg */
if(!(node=(struct acl_addr*)acl_list_insert(acl, &addr,
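Review bot: The doc comment on `acl_find_or_create_str2addr` still reads `find or create node (NULL on parse or error)`, but with the added `&& !is_interface` the interface path never creates a node and returns NULL on a plain lookup miss. Since callers treat that NULL as a configuration error for an ACL entry, the contract should be spelled out, e.g. `/** find node for str; a missing netblock is created, an interface must already be in the tree (NULL on parse error, unknown interface or out of memory) */`. The comment should also say that `port` is used only when `is_interface` is set, because the netblock branch keeps `UNBOUND_DNS_PORT`. The function body continues past the end of this hunk.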
@@ -155,14 +174,65 @@ acl_find_or_create(struct acl_list* acl, const char* str)
return node;
}
+/** find or create node (NULL on error) */
+static struct acl_addr*
+acl_find_or_create(struct acl_list* acl, struct sockaddr_storage* addr,
+ socklen_t addrlen, enum acl_access control)
+{
+ struct acl_addr* node;
+ int net = (addr_is_ip6(addr, addrlen)?128:32);
+ /* find or create node */
+ if(!(node=(struct acl_addr*)addr_tree_find(&acl->tree, addr,
+ addrlen, net))) {
+ /* create node;
+ * can override with specific access-control: cfg */
+ if(!(node=(struct acl_addr*)acl_list_insert(acl, addr,
+ addrlen, net, control, 1))) {
+ log_err("out of memory");
+ return NULL;
+ }
+ }
+ return node;
+}
+
+/** apply acl_interface string */
+static int
+acl_interface_str_cfg(struct acl_list* acl_interface, const char* iface,
+ const char* s2, int port)
+{
+ struct acl_addr* node;
+ enum acl_access control;
+ if(!parse_acl_access(s2, &control)) {
+ return 0;
+ }
+ if(!(node=acl_find_or_create_str2addr(acl_interface, iface, 1, port))) {
+ log_err("cannot update ACL on non-configured interface: %s %d",
+ iface, port);
+ return 0;
+ }
+ node->control = control;
+ return 1;
+}
+
+struct acl_addr*
+acl_interface_insert(struct acl_list* acl_interface,
+ struct sockaddr_storage* addr, socklen_t addrlen,
+ enum acl_access control)
+{
+ return acl_find_or_create(acl_interface, addr, addrlen, control);
+}
+
/** apply acl_tag string */
static int
acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap,
- size_t bitmaplen)
+ size_t bitmaplen, int is_interface, int port)
{
struct acl_addr* node;
- if(!(node=acl_find_or_create(acl, str)))
+ if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) {
+ if(is_interface)
+ log_err("non-configured interface: %s", str);
return 0;
+ }
node->taglen = bitmaplen;
node->taglist = regional_alloc_init(acl->region, bitmap, bitmaplen);
if(!node->taglist) {
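Review bot: In `acl_find_or_create`, when `addr_tree_find` already holds a node for the address, that node is returned unchanged and the `control` argument is dropped, so `acl_interface_insert` on an address that is already present does not apply the access type the caller asked for. The comment `can override with specific access-control: cfg` suggests first-insert-wins is intended, but the doc comment does not say so. I would make it explicit: `/** find node, or create it with the given control; an existing node keeps its current control (NULL on out of memory) */`. If callers instead expect the passed value to take effect, that needs a decision in the code rather than a comment, and the callers are not visible in this hunk.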
@@ -175,11 +245,14 @@ acl_list_tags_cfg(struct acl_list* acl, const char* str, uint8_t* bitmap,
/** apply acl_view string */
static int
acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2,
- struct views* vs)
+ struct views* vs, int is_interface, int port)
{
struct acl_addr* node;
- if(!(node=acl_find_or_create(acl, str)))
+ if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) {
+ if(is_interface)
+ log_err("non-configured interface: %s", str);
return 0;
+ }
node->view = views_find_view(vs, str2, 0 /* get read lock*/);
if(!node->view) {
log_err("no view with name: %s", str2);
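Review bot: The `non-configured interface: %s` message is also printed when `acl_find_or_create_str2addr` failed while parsing, which has already logged `cannot parse interface: %s`, so a malformed entry produces two errors and the second names the wrong cause. The same `if(is_interface) log_err(...)` block is repeated in `acl_list_tags_cfg` (previous hunk) and in `acl_list_tag_action_cfg` and `acl_list_tag_data_cfg` (following hunks). Reporting the lookup miss once inside `acl_find_or_create_str2addr`, e.g. `if(!node && is_interface) log_err("non-configured interface: %s", str);` right after the `addr_tree_find` test, would remove the copies and keep the message tied to the real failure. `acl_interface_str_cfg` logs its own message on NULL and would need the same adjustment. The body of `acl_list_view_cfg` continues outside this hunk.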
@@ -192,13 +265,17 @@ acl_list_view_cfg(struct acl_list* acl, const char* str, const char* str2,
/** apply acl_tag_action string */
static int
acl_list_tag_action_cfg(struct acl_list* acl, struct config_file* cfg,
- const char* str, const char* tag, const char* action)
+ const char* str, const char* tag, const char* action,
+ int is_interface, int port)
{
struct acl_addr* node;
int tagid;
enum localzone_type t;
- if(!(node=acl_find_or_create(acl, str)))
+ if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) {
+ if(is_interface)
+ log_err("non-configured interface: %s", str);
return 0;
+ }
/* allocate array if not yet */
if(!node->tag_actions) {
node->tag_actions = (uint8_t*)regional_alloc_zero(acl->region,
@@ -281,13 +358,17 @@ check_data(const char* data, const struct config_strlist* head)
/** apply acl_tag_data string */
static int
acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg,
- const char* str, const char* tag, const char* data)
+ const char* str, const char* tag, const char* data,
+ int is_interface, int port)
{
struct acl_addr* node;
int tagid;
char* dupdata;
- if(!(node=acl_find_or_create(acl, str)))
+ if(!(node=acl_find_or_create_str2addr(acl, str, is_interface, port))) {
+ if(is_interface)
+ log_err("non-configured interface: %s", str);
return 0;
+ }
/* allocate array if not yet */
if(!node->tag_datas) {
node->tag_datas = (struct config_strlist**)regional_alloc_zero(
@@ -329,11 +410,11 @@ acl_list_tag_data_cfg(struct acl_list* acl, struct config_file* cfg,
}
/** read acl_list config */
-static int
-read_acl_list(struct acl_list* acl, struct config_file* cfg)
+static int
+read_acl_list(struct acl_list* acl, struct config_str2list* acls)
{
struct config_str2list* p;
- for(p = cfg->acls; p; p = p->next) {
+ for(p = acls; p; p = p->next) {
log_assert(p->str && p->str2);
if(!acl_list_str_cfg(acl, p->str, p->str2, 1))
return 0;
@@ -341,16 +422,17 @@ read_acl_list(struct acl_list* acl, struct config_file* cfg)
return 1;
}
-/** read acl tags config */
-static int
-read_acl_tags(struct acl_list* acl, struct config_file* cfg)
+/** read acl view config */
+static int
+read_acl_view(struct acl_list* acl, struct config_str2list** acl_view,
+ struct views* v)
{
- struct config_strbytelist* np, *p = cfg->acl_tags;
- cfg->acl_tags = NULL;
+ struct config_str2list* np, *p = *acl_view;
+ *acl_view = NULL;
while(p) {
log_assert(p->str && p->str2);
- if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len)) {
- config_del_strbytelist(p);
+ if(!acl_list_view_cfg(acl, p->str, p->str2, v, 0, 0)) {
+ config_deldblstrlist(p);
return 0;
}
/* free the items as we go to free up memory */
@@ -363,15 +445,16 @@ read_acl_tags(struct acl_list* acl, struct config_file* cfg)
return 1;
}
-/** read acl view config */
-static int
-read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v)
+/** read acl tags config */
+static int
+read_acl_tags(struct acl_list* acl, struct config_strbytelist** acl_tags)
{
- struct config_str2list* np, *p = cfg->acl_view;
- cfg->acl_view = NULL;
+ struct config_strbytelist* np, *p = *acl_tags;
+ *acl_tags = NULL;
while(p) {
log_assert(p->str && p->str2);
- if(!acl_list_view_cfg(acl, p->str, p->str2, v)) {
+ if(!acl_list_tags_cfg(acl, p->str, p->str2, p->str2len, 0, 0)) {
+ config_del_strbytelist(p);
return 0;
}
/* free the items as we go to free up memory */
@@ -385,16 +468,17 @@ read_acl_view(struct acl_list* acl, struct config_file* cfg, struct views* v)
}
/** read acl tag actions config */
-static int
-read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg)
+static int
+read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg,
+ struct config_str3list** acl_tag_actions)
{
struct config_str3list* p, *np;
- p = cfg->acl_tag_actions;
- cfg->acl_tag_actions = NULL;
+ p = *acl_tag_actions;
+ *acl_tag_actions = NULL;
while(p) {
log_assert(p->str && p->str2 && p->str3);
if(!acl_list_tag_action_cfg(acl, cfg, p->str, p->str2,
- p->str3)) {
+ p->str3, 0, 0)) {
config_deltrplstrlist(p);
return 0;
}
@@ -410,15 +494,17 @@ read_acl_tag_actions(struct acl_list* acl, struct config_file* cfg)
}
/** read acl tag datas config */
-static int
-read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg)
+static int
+read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg,
+ struct config_str3list** acl_tag_datas)
{
struct config_str3list* p, *np;
- p = cfg->acl_tag_datas;
- cfg->acl_tag_datas = NULL;
+ p = *acl_tag_datas;
+ *acl_tag_datas = NULL;
while(p) {
log_assert(p->str && p->str2 && p->str3);
- if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3)) {
+ if(!acl_list_tag_data_cfg(acl, cfg, p->str, p->str2, p->str3,
+ 0, 0)) {
config_deltrplstrlist(p);
return 0;
}
@@ -433,30 +519,27 @@ read_acl_tag_datas(struct acl_list* acl, struct config_file* cfg)
return 1;
*** 6364 LINES SKIPPED ***